CVE-2024-47902

Missing Authentication for Critical Function (CWE-306)

Published: Oct 23, 2024 / Updated: 27d ago

010
CVSS 6.9EPSS 0.05%Medium
CVE info copied to clipboard

Summary

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12) and InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled, which is not the default configuration). The web server of affected devices does not authenticate GET requests that execute specific commands (such as `ping`) on operating system level.

Impact

This vulnerability allows an attacker to execute unauthorized commands on the affected devices' operating system level without authentication. The potential impacts include: 1. Unauthorized access: Attackers can bypass authentication mechanisms and gain access to critical system functions. 2. Command execution: Malicious actors can run arbitrary commands on the affected devices, potentially leading to system compromise or data theft. 3. Information disclosure: Sensitive information about the system or network could be exposed through unauthorized command execution. 4. System manipulation: Attackers could potentially modify system settings or configurations, leading to service disruptions or further security breaches. 5. Pivot point: Compromised devices could be used as a stepping stone to launch attacks on other systems within the network.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Siemens has released updates to address this vulnerability. For InterMesh 7177 Hybrid 2.0 Subscriber, update to version V8.2.12 or later. For InterMesh 7707 Fire Subscriber, update to version V7.2.12 or later if the IP interface is enabled.

Mitigation

1. Update affected devices: Apply the latest firmware updates provided by Siemens to patch the vulnerability. 2. Version control: Ensure InterMesh 7177 Hybrid 2.0 Subscriber is running version V8.2.12 or later, and InterMesh 7707 Fire Subscriber is running version V7.2.12 or later if the IP interface is enabled. 3. Network segmentation: Isolate affected devices in a separate network segment with restricted access until patching is complete. 4. Firewall rules: Implement strict firewall rules to limit access to the web interfaces of affected devices, allowing only trusted IP addresses. 5. Monitoring: Implement robust logging and monitoring solutions to detect any suspicious activities or unauthorized access attempts. 6. Disable unnecessary services: If possible, disable the IP interface on InterMesh 7707 Fire Subscriber devices if not required. 7. Regular security assessments: Conduct periodic vulnerability scans and penetration tests to identify and address any remaining security issues.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-47902

Oct 23, 2024 at 3:15 PM
CVSS

A CVSS base score of 7.2 has been assigned.

Oct 23, 2024 at 3:20 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-47902. See article

Oct 23, 2024 at 3:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 23, 2024 at 3:21 PM
Threat Intelligence Report

CVE-2024-47901 is a critical vulnerability in InterMesh 7177 Hybrid 2.0 Subscriber and InterMesh 7707 Fire Subscriber devices, with a CVSS score of 10.0, allowing unauthenticated remote attackers to execute arbitrary code with root privileges. Currently, there is no evidence of exploitation in the wild or proof-of-concept exploits, but patches are available for affected devices, and immediate updates are strongly recommended. Mitigations include disabling the IP interface if not needed, implementing network segmentation, and monitoring for suspicious activities. See article

Oct 24, 2024 at 6:44 AM
EPSS

EPSS Score was set to: 0.05% (Percentile: 18%)

Oct 24, 2024 at 9:50 AM
CVSS

A CVSS base score of 9.8 has been assigned.

Oct 30, 2024 at 3:50 PM / nvd
Static CVE Timeline Graph

Affected Systems

Siemens/intermesh_7707_fire_subscriber_firmware
+null more

Patches

cert-portal.siemens.com
+null more

Attack Patterns

CAPEC-12: Choosing Message Identifier
+null more

References

Multiple Vulnerabilities in Siemens InterMesh Subscriber Devices Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Siemens InterMesh Subscriber Devices, the most severe of which could allow for remote code execution. Multiple vulnerabilities have been discovered in Siemens InterMesh Subscriber Devices, the most severe of which could allow for remote code execution.
Siemens InterMesh Subscriber Devices
The following versions of Siemens InterMesh Subscriber Devices, a wireless alarm reporting system, are affected: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory.
Siemens InterMesh Subscriber Devices
The following versions of Siemens InterMesh Subscriber Devices, a wireless alarm reporting system, are affected: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory.
See 1 more references

News

Multiple vulnerabilities in Siemens InterMesh Subscriber Devices
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Multiple Vulnerabilities in Siemens InterMesh Subscriber Devices Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Siemens InterMesh Subscriber Devices, the most severe of which could allow for remote code execution. Multiple vulnerabilities have been discovered in Siemens InterMesh Subscriber Devices, the most severe of which could allow for remote code execution.
Siemens InterMesh Subscriber Devices
The following versions of Siemens InterMesh Subscriber Devices, a wireless alarm reporting system, are affected: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory.
Siemens InterMesh Subscriber Devices
The following versions of Siemens InterMesh Subscriber Devices, a wireless alarm reporting system, are affected: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory.
CVE-2024-47901 (CVSS 10): Critical Security Flaw in Siemens InterMesh
These vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges on affected devices. According to Siemens, “ The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level .”
See 12 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI